Tech Blog

Remote Repository Access Rights In Alma

The Alma March 2017 release includes a new feature that enables the service tab (ViewIt) to indicate to a patron that access to a remote representation is denied by the remote repository. Until now, such an indication was supported for Alma representations only.

For Alma to present this indication, the remote repository must support an HTTP HEAD request for the given representation, addressed according to the delivery URL template, and must return a 401 or 403 HTTP status code if access is denied. A 403 should be returned when access is unequivocally denied. In this case, the delivery link will be disabled. The repository may also return a denied note in an ‘X-Denied-Message’ header. If such a message is provided, Alma will present it in the public note area (overwriting the representation’s public note). If no message is provided, Alma will present the default denied note as defined in Alma.

A 401 response should be returned if the remote repository provides conditional access, such as a login. In this case the remote repository can return a relevant note in an ‘X-Denied-Message’ header (e.g. “Login is required”), which will be presented in the public note area, as described above. If no message is provided, the representation’s public note (if one exists) will remain in place.

The remote repository must use SSL and support CORS. The following example demonstrates a request from Alma to Rosetta, the expected response headers to support CORS, as well as the aforementioned X-Denied-Message header accompanying a 403 code, containing the message to be displayed:

>>curl --head ""
HTTP/1.1 403 Forbidden
X-UA-Compatible: IE=11
X-Denied-Message: None shall pass
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Access-Control-Expose-Headers: X-Denied-Message
Access-Control-Allow-Credentials: true
Content-Length: 0
Date: Wed, 04 Jan 2017 11:19:08 GMT
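
The status and header rules above can be checked offline against a captured `curl --head` response. The following is an added example, not code from Alma or Rosetta: the function names, the default-note placeholder and the handling of statuses other than 401/403 are assumptions, and it also flags the wildcard-origin-plus-credentials combination, which browsers reject for requests sent with credentials.

```javascript
// Added example; parseHead, evaluate and DEFAULT_NOTE are hypothetical names.
const DEFAULT_NOTE = "<default denied note defined in Alma>"; // placeholder

// Parse `curl --head` style output into { status, headers } (names lower-cased).
function parseHead(raw) {
  const lines = raw.trim().split(/\r?\n/);
  const m = /^HTTP\/\d(?:\.\d)?\s+(\d{3})/.exec(lines[0]);
  if (!m) throw new Error("no HTTP status line");
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

// Apply the rules from the text; publicNote is the representation's own public note.
function evaluate(raw, publicNote = "") {
  const { status, headers } = parseHead(raw);
  const origin = headers["access-control-allow-origin"];
  const msg = headers["x-denied-message"] || "";
  const canRead = (headers["access-control-expose-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).includes("x-denied-message");
  const problems = [];
  if (!origin) problems.push("missing Access-Control-Allow-Origin");
  if (msg && !canRead) problems.push("X-Denied-Message not exposed to cross-origin scripts");
  if (origin === "*" && headers["access-control-allow-credentials"] === "true")
    problems.push("wildcard origin is rejected by browsers on credentialed requests");
  const shown = canRead ? msg : ""; // a browser script only sees exposed headers
  let result;
  if (status === 403) result = { linkDisabled: true, note: shown || DEFAULT_NOTE };
  else if (status === 401) result = { linkDisabled: false, note: shown || publicNote }; // link state inferred
  else result = { linkDisabled: false, note: publicNote }; // assumption: no denial shown
  return { status, ...result, problems };
}

// Constructed sample, based on the response headers shown in the post.
const SAMPLE = `HTTP/1.1 403 Forbidden
X-Denied-Message: None shall pass
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Denied-Message
Access-Control-Allow-Credentials: true
Content-Length: 0`;

console.log(evaluate(SAMPLE, "Open to all"));
```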

The restriction will be presented in Alma like this:

While waiting for a response from the remote repository, a spinner gif will indicate that access rights have not been resolved. Alma will wait 5 seconds for a response, after which the spinner will be removed and no indicator will be displayed.

This service is disabled by default, and can be activated by selecting the new ‘Check Access Rights’ checkbox in the Remote Repository configuration Delivery tab.

Note: This service is supported by Rosetta version 5.2 and higher. It is not supported when the authentication method is PDS and the ‘use_sso’ General Parameter is set to true.

